Develop Reference

Getting an undefined token in backend

Hello i am trying to use my token in my application after user is logged in but am getting an undefined response in my console. Below are my codes. How can i correct my code to be able to access token inside application and use to do other features of the application?
my controller
import User from "../models/user";
import Stripe from "stripe";
const stripe = Stripe(process.env.STRIPE_SECRET);
export const createConnectAccount = async (req, res) => {
console.log(req.user);
try {
const user = await User.findById(req.user._id).exec();
console.log("USER ==> ", user);
if (!user.stripe_account_id) {
const account = await stripe.accounts.create({
type: "express",
});
console.log("ACCOUNT ===>", account);
user.stripe_account_id = account.id;
user.save();
}
} catch (error) {
res.status(500).json();
}
};
my middleware
var { expressjwt: jwt } = require("express-jwt");
// req.user
export const requireSignin = jwt({
//secret, expiryDate
secret: process.env.JWT_SECRET,
algorithms: ["HS256"],
});
my routes
import express from "express";
const router = express.Router();
import { requireSignin } from "../middlewares";
import { createConnectAccount } from "../controllers/stripe";
router.post("/create-connect-account", requireSignin, createConnectAccount);
module.exports = router;
my auth controller
import User from "../models/user";
import jwt from "jsonwebtoken";
export const register = async (req, res) => {
console.log(req.body);
const { name, email, password } = req.body;
if (!name) return res.status(400).send("Name is required");
if (!password || password.length < 6)
return res
.status(400)
.send("Password is required and should be minimum 6 characters long");
let userExist = await User.findOne({ email }).exec();
if (userExist) return res.status(400).send("Email is taken");
const user = new User(req.body);
try {
await user.save();
console.log("User saved successfully", user);
return res.json({ ok: true });
} catch (err) {
console.log("CREATE USER FAILED", err);
return res.status(400).send("Error.Try again");
}
};
export const login = async (req, res) => {
// console.log(req.body);
const { email, password } = req.body;
try {
//check if user with credentials
let user = await User.findOne({ email }).exec();
// console.log("USER EXISTS", user);
if (!user) res.status(400).send("User with email not found");
//compare password
user.comparePassword(password, (err, match) => {
console.log("COMPARE PASSWORD IN LOGIN ERR", err);
if (!match || err) return res.status(400).send("Wrong password");
//("GENERATE A TOKEN THEN SEND AS RESPONSE TO CLIENT");
let token = jwt.sign({ _id: user._id }, process.env.JWT_SECRET, {
expiresIn: "7d",
});
res.json({
token,
user: {
_id: user._id,
name: user.name,
email: user.email,
createdAt: user.createdAt,
updatedAt: user.updatedAt,
},
});
});
} catch (err) {
console.log("LOGIN ERROR", err);
res.status(400).send("Signin failed");
}
};
my terminal output
POST /api/login 200 1142.309 ms - 349
undefined
POST /api/create-connect-account 500 9.092 ms - -
Headers
import axios from "axios";
export const createConnectAccount = async (token) => {
await axios.post(
`${process.env.REACT_APP_API}/create-connect-account`,
{},
{
headers: {
Authorization: `Bearer ${token}`,
},
}
);
};

I'm sorry to tell you your code has other errors in it.
My guess is that your res is not well written in auth controller, login function :
res.status(201).json({
token :token,
user: user
})
Also when reading your token trying to authenticate : it will be easier to use the same package than the one that sign it.
const jwt = require("jsonwebtoken");
exports. requireSignin = () => {
return async (req, res, next) => {
try {
const token = req?.headers?.authorization?.split(" ")[1];
const decodedToken = jwt.verify(token, process.env.JWT_SECRET);
const userId = decodedToken._id;
const user = await User.findOne({ _id: userId });
if (user) {
req.auth = {
user: user,
};
} else {
throw new Error("user not found");
}
next();
} catch (error) {
console.log(error.message);
res.status(401).json({ error: "failed to authenticate" });
}
};
};
But your code is pretty hard to read :
To make it easier to read and clearer for you, try and use joy or yup
Joi : https://www.npmjs.com/package/joi
Yup : https://www.npmjs.com/package/yup
With those you will be able to create middlewares to avoid wrong entries in your body : for example
if (!name) return res.status(400).send("Name is required");
is processed automatically with those packages
Also, you shouldn't use 'import' and 'require' in the same project, choose either one of them
I hope this will help

React Application error "The server responded with error 401 (unauthorized) "

I am working on a user registration project on ReactJS and got stuck on a problem when I try to activate the user account. The backend server is giving me the error 401: Failed to load resource: the server responded with a status of 401 (Unauthorized). What might be the problem here, I was not able to find out any solution related to my code, can anyone help ??
Here is my code for Activation.jsx:
import React, { useState, useEffect } from 'react';
import authSvg from '../assests/welcome.svg';
import axios from 'axios';
import jwt_decode from 'jwt-decode';
import { isAuth } from '../helpers/auth';
import { Navigate , useParams} from 'react-router-dom';
const Activate = ({ match }) => {
const [formData, setFormData] = useState({
name: '',
token: '',
show: true
});
match = useParams();
useEffect(() => {
let token = match.token;
console.log(token);
let { name } = jwt_decode(token);
if (token) {
setFormData({ ...formData, name, token });
}
console.log(token, name);
}, [match.params]);
const { name, token, show } = formData;
const handleSubmit = e => {
e.preventDefault();
axios
.post(`${process.env.REACT_APP_API_URL}/activation`, {
token
})
.then(res => {
setFormData({
...formData,
show: false
});
console.log(res.data.message);
})
.catch(err => {
console.log(err);
});
};
Here is the code from activation controller :
const User = require('../models/auth.model');
const expressJwt = require('express-jwt');
const _ = require('lodash');
const { OAuth2Client } = require('google-auth-library');
const fetch = require('node-fetch');
const { validationResult } = require('express-validator');
const jwt_decode = require('jwt-decode')
const { errorHandler } = require('../helpers/dbErrorHandling');
const nodemailer = require('nodemailer')
exports.activationController = (req, res) => {
const { token } = req.body;
if (token) {
jwt_decode.verify(token, process.env.JWT_ACCOUNT_ACTIVATION, (err, decoded) => {
if (err) {
console.log('Activation error');
return res.status(401).json({
errors: 'Expired link. Signup again'
});
} else {
const { name, email, password } = jwt_decode(token);
console.log(email);
const user = new User({
name,
email,
password
});
user.save((err, user) => {
if (err) {
console.log('Save error', errorHandler(err));
return res.status(401).json({
errors: errorHandler(err)
});
} else {
return res.json({
success: true,
message: user,
message: 'Signup success'
});
}
});
const apiKey = user._id;
user.apiKey = apiKey
user.save((err) => {
console.log(err);
})
}
});
} else {
return res.json({
message: 'error happening please try again'
});
}
};

As you have said in the comments , I think you have apiKey and path as an object properties in your user model which are not filled , and also the problem is you are using jwt_decode for verify and sign purposes which is wrong , the purpose for jwt_decode here is for decoding the token and nothing else , so use jsonwebtoken library for verfication and sign purposes .
Also remove the api key generation code , as what are you doing you are calling user.save() method 2 times in a row so the first one hasn't even finished saving before the 2nd one gets called .

Send POST data using Send Grid API for verification email

I am having issues posting to send a verification email. I am using ReactJS front end NodeJS backend and MongoDB database. I am running npm run dev to make sure my backend server is running when testing in Postman and gives me an error Cannot Post /api/verify-email I am not getting any other error code so having a hard time trouble shooting. I am using Send Grid API to send the verification email.
verifyEmailRoute.js
import { ObjectId } from 'mongodb';
import jwt from 'jsonwebtoken';
import { getDbConnection } from '../src/db';
export const verifyEmailRoute = {
path: 'http://localhost:8080/api/verify-email',
method: 'put',
handler: async (req, res) => {
const { verificationString } = req.body;
const db = await getDbConnection('react-auth-db');
const result = await db.collection('users').findOne({ verificationString });
if (!result) return res.status(401).json({ message: 'The email verification code is incorrect' });
const { _id: id, email, info } = result;
await db.collection('users').updateOne({ _id: ObjectId(id) }, { $set: { isVerified: true } });
jwt.sign({ id, email, isVerified: true, info }, process.env.JWT_SECRET, { expiresIn: '2d' }, (err, token) => {
if (err) {
return res.status(500).json(err);
}
res.status(200).json({ token });
});
},
};
emailVerificationLandingPage.js
import { useState, useEffect } from 'react';
import { useParams } from 'react-router-dom';
import { useToken } from '../src/auth/useToken';
import { EmailVerificationSuccess } from './EmailVerificationSuccess';
import { EmailVerificationFail } from './EmailVerificationFail';
export const EmailVerificationLandingPage = () => {
const [isLoading, setIsLoading] = useState(true);
const [isSuccess, setIsSuccess] = useState(false);
const [user, setUser] = useState(null);
const { verificationString } = useParams();
const [token, setToken] = useToken();
useEffect(() => {
const loadVerification = async () => {
try {
const response = await fetch.put('http://localhost:8080/api/verify-email', { verificationString });
const { token } = response.data;
setToken(token);
console.log(token);
setIsSuccess(true);
setIsLoading(false);
} catch (error) {
setIsSuccess(false);
setIsLoading(false);
}
}
loadVerification();
}, [setToken, verificationString]);
console.log(token);
if (isLoading) return <p>Loading...</p>;
if (!isSuccess) return <EmailVerificationFail />
return <EmailVerificationSuccess />
}
sendEmail.js
import sendgrid from '#sendgrid/mail';
sendgrid.setApiKey(process.env.SENDGRID_API_KEY);
export const sendEmail = ({ to, from, subject, text, html }) => {
const msg = { to, from, subject, text, html };
return sendgrid.send(msg);
}
signUpRoute.js
import bcrypt from 'bcrypt';
import jwt from 'jsonwebtoken';
import { v4 as uuid } from 'uuid';
import { getDbConnection } from '../src/db';
import { sendEmail } from '../src/util/sendEmail';
export const signUpRoute = {
path: '/api/signup',
method: 'post',
handler: async (req, res) => {
const { email, password } = req.body;
// Make sure there's no existing user with that email - no verification yet
const db = getDbConnection('react-auth-db');
const user = await db.collection('users').findOne({ email });
if (user) {
console.log("found user", user)
return res.sendStatus(409).json(user); // 409 is the "conflict" error code
}
// Generate the salt first
const salt = uuid();
const pepper = process.env.PEPPER_STRING;
// Encrypt the password
const passwordHash = await bcrypt.hash(salt + password + pepper, 10);
const verificationString = uuid();
// Store email and password hash in database (i.e. create user) - you'll also want to get the id
const startingInfo = {
firstName: '',
lastName: '',
dob: '',
}
const result = await db.collection('users').insertOne({
email,
isVerified: false,
verificationString,
passwordHash,
salt,
info: startingInfo,
});
const { insertedId } = result;
try {
await sendEmail({
to: email,
from: 'mdolly01#gmail.com',
subject: 'Welcome to Tool Right Please verify your email',
text: `
Thanks for signing up! To verify your email, you just need to click the link below:
http://localhost:3000/verify-email/${verificationString}
`
});
} catch (e) {
console.log(e);
throw new Error(e);
}
jwt.sign({
id: insertedId,
isVerified: false,
email, // Do NOT send the salt back to the user
info: startingInfo,
},
process.env.JWT_SECRET,
{
expiresIn: '2d',
},
(err, token) => {
if (err) {
return res.status(500).send(err);
}
return res.status(200).json({token});
});
},
};

Passport authenticate jwt not responding

I have a basic MERN login/signup app with a dummy protected route to be visible only to logged in users. I have set up everything related to login and sign up.
I am sending the jwt token from server in a cookie. The aprt up to this works fine. I can sign up and I can login.
But when I make a GET call to /protected route, passport.jwt doesn't seem to work. Nothing happens in there.
Here is my passport.js config:
import {Strategy} from 'passport-jwt';
// import {ExtractJwt} from 'passport-jwt';
import passport from 'passport';
import mongoose from 'mongoose';
import {UserSchema} from '../models/userModel';
import {config} from './config';
const User = mongoose.model('User', UserSchema);
const cookieExtractor = (req) => {
let token = null;
if(req && req.cookies) {
token = req.cookies['jwt'];
}
return token;
}
export const passportConfig = (passport) => {
const opts = {};
opts.jwtFromRequest = cookieExtractor;
opts.secretOrKey = config.key;
passport.use(
new Strategy(opts, (jwt_payload, done) => {
User.findById(jwt_payload.id)
.then((user) => {
if(user) {
return done(null, user);
}
return done(null, false);
})
.catch((err) => {
console.log('Error in finding user by id in jwt.');
});
})
);
};
Here is the userRoutes.js:
import { addNewUser, loginUser, verifyLogin } from '../controllers/userController';
export const routes = (app) => {
app.route('/users/register')
.post(addNewUser);
app.route('/users/login')
.post(loginUser);
app.route('/users/protected')
.get(verifyLogin);
}
Finally, here are the verifyLogin and loginUser controllers in my userController.js:
export const loginUser = (req, res) => {
console.log(req.body);
if(mongoSanitize.has(req.body)) {
return res.send(400).json({error: "Characters $ and . are prohibited. Use different values."});
}
const {errors, isValid} = validateLoginInput(req.body);
if(!isValid) {
return res.status(400).json(errors);
}
const userName = req.body.userName;
const password = req.body.password;
User.findOne({userName: userName})
.then((user) => {
if(!user) {
return res.status(404).json({userNotFound: "Username not found."});
}
else {
bcrypt.compare(password, user.password)
.then((isMatch) => {
if(isMatch) {
const payload = {
id: user.id,
name: user.fullName
};
const token = jwt.sign(payload, config.key, {expiresIn: 60});
res.cookie('jwt', token, {httpOnly: true, secure: false});
res.status(200).json({success: true, token: token});
}
else {
return res.status(400).json({incorrectPassword: "Password incorrect."});
}
})
}
});
};
export const verifyLogin = () => {
console.log('protected'); //'protected' is printed
passport.authenticate('jwt', {session: false}),
(req, res) => {
console.log('here'); //'here' is not printed
const { user } = req;
res.send(200).send({user});
};
};
The controller loginUser works just fine, I can see the token in response and also I have a cookie with the jwt key:value pair.
But the 3rd controller verifyLogin doesn't do anything after passport.authenticate call.
Any ideas where I might be doing something wrong ?

Okay so I was able to fix. Anyone else having the same problem, the issue was that I wasn't using passport.authenticate as a middleware, instead I was calling it as a function with a callback on successful authentication. Here are the change that I made:
userRoutes.js:
export const routes = (app) => {
app.route('/register')
.post(addNewUser);
app.route('/login')
.post(loginUser);
app.route('/protected')
.get(passport.authenticate('jwt', {session:false}), verifyLogin);
}
And then verifyLogin just sends the logged in user information back:
export const verifyLogin = (req, res) => {
console.log('here');
const { user } = req;
res.status(200).json({message:'Secure route', user: user});
};
Everything else is pretty much the same.

I had the same problem until I changed the time to 1 hour. It seems like the value you wrote is in milliseconds, so instead of 60 you should write 60000.

Is this implementation of sending reset password email correct?

I've gone through this article https://ahrjarrett.com/posts/2019-02-08-resetting-user-passwords-with-node-and-jwt to see how to reset password in express.
mailer.js
const nodemailer = require("nodemailer")
export const transporter = nodemailer.createTransport({
service: "gmail",
auth: {
user: process.env.EMAIL,
pass: process.env.PASSWORD
}
})
export const getPasswordResetURL = (user, token) => {
`http://localhost:3000/password/reset/${user._id}/${token}`
}
export const resetPasswordTemplate = (user, url) => {
const from = process.env.EMAIL
const to = user.email
const subject = "Password Reset"
const html = `
<p>Hey ${user.name || user.email},</p>
<p>We heard that you forgot your password. Sorry about that!</p>
<p>But don’t worry! You can use the following link to reset your password:</p>
<a href=${url}>${url}</a>
<p>If you don’t use this link within 1 hour, it will expire.</p>
`
}
return { from, to, subject, html }
emailController.js
const jwt = require("jsonwebtoken")
const bcrypt = require("bcrypt")
const User = require("../models/User")
import { transporter, getPasswordResetURL, resetPasswordTemplate } from "../utils/mailer"
export const usePasswordHashToMakeToken = ({
password: passwordHash,
_id: userId,
createdAt
}) => {
const secret = passwordHash + "-" + createdAt
const token = jwt.sign({ userId }, secret, {
expiresIn: 3600 // 1 hour
})
return token
}
export const sendPasswordResetEmail = async (req, res) => {
const { email } = req.params
let user
try {
user = await User.findOne({ email }).exec()
} catch (err) {
res.status(404).json("No user with that email")
}
const token = usePasswordHashToMakeToken(user)
const url = getPasswordResetURL(user, token)
const emailTemplate = resetPasswordTemplate(user, url)
const sendEmail = () => {
transporter.sendMail(emailTemplate, (err, info) => {
if (err) {
res.status(500).json("Error sending email")
}
console.log(`** Email sent **`, info.response)
})
}
sendEmail()
}
export const receiveNewPassword = (req, res) => {
const { userId, token } = req.params
const { password } = req.body
User.findOne({ _id: userId })
.then(user => {
const secret = user.password + "-" + user.createdAt
const payload = jwt.decode(token, secret)
if (payload.userId === user.id) {
bcrypt.genSalt(10, function(err, salt) {
if (err) return
bcrypt.hash(password, salt, function(err, hash) {
if (err) return
User.findOneAndUpdate({ _id: userId }, { password: hash })
.then(() => res.status(202).json("Password changed accepted"))
.catch(err => res.status(500).json(err))
})
})
}
})
.catch(() => {
res.status(404).json("Invalid user")
})
}
users.js
const express = require('express');
const router = express.Router();
const userController = require("../controllers/userController")
const emailController = require("../controllers/emailController")
router.post("/register", userController.registerUser)
router.post("/login", userController.loginUser)
router.get("/:userId", userController.getUser)
router.post("/user/:email", emailController.sendPasswordResetEmail)
router.post("/receive_new_password/:userId/:token", emailController.receiveNewPassword)
module.exports = router;
It's giving me an error of unexpected token { in this line
import { transporter, getPasswordResetURL, resetPasswordTemplate } from "../utils/mailer"
Can I convert this export const into module.exports and require the above by:
const { transporter, getPasswordResetURL, resetPasswordTemplate } = require("../utils/mailer")

As you mentioned in the question replace all export const and replace it to
module.exports = {transporter, getPasswordResetURL, resetPasswordTemplate}
Also replace the line
import { transporter, getPasswordResetURL, resetPasswordTemplate } from "../utils/mailer"
to
const { transporter, getPasswordResetURL, resetPasswordTemplate } = require("../utils/mailer")
As import, export is es6 syntax and require, module.exports is es5 syntax. If you want to use import then you need to configure Babel.
Suggestions
Most probably example you've taken from he's using es6 and es5 syntax together(He must have configured babel). But in your case, I don't think you have configured babel. So I'll suggest you to either configure babel or change all the es6 syntax to es5. In es6 you can use es5 but in es5 you cannot use es6